Radio Frequency IDentification (RFID) systems are used for identification and/or tracking of equipment, inventory, or living things. RFID systems are radio communication systems that communicate between a radio transceiver, called an Interrogator, and a number of inexpensive devices called Tags. In RFID systems, the Interrogator communicates to the Tags using modulated radio signals, and the Tags respond with modulated radio signals. The Interrogator first transmits an amplitude modulated signal to the Tag. Then, the Interrogator transmits a Continuous-Wave (CW) radio signal to the Tag. The Tag then modulates the CW signal, using Modulated BackScattering (MBS), where the antenna is electrically switched, by the Tag's modulating signal, from being an absorber of RF radiation to being a reflector of RF radiation; thereby encoding the Tag's information onto the CW radio signal. The Interrogator demodulates the incoming modulated radio signal and decodes the Tag's information message.
Over the next decade an enormous growth in the number and proliferation of RFID applications is expected. Many emerging applications will be of a financial nature and will require, for example, that a user's Personal Identification Number (PIN) cannot be intercepted by a hostile eavesdropper. The cellular phone industry is presently under siege by network pirates and industry losses are quoted to be approaching one billion dollars annually. So as not to repeat this particular failing of the cellular industry, RFID system designers should consider network security a top priority. There are three major security issues when transferring data in a wireless system:
1. A legitimate Tag and a legitimate Interrogator are involved in a communication session transferring sensitive data that a hostile eavesdropper would like to intercept.
2. A legitimate Interrogator would be queried by a fraudulent Tag trying to obtain service, such as to acquire data stored in the network or in an Application Processor. (This is similar to the case of someone stealing cellular air time.)
3. A legitimate Tag would be queried by a fraudulent Interrogator trying to acquire data stored in the Tag's memory (like stealing the PIN number from a cellular telephone).
This invention discloses a method for encrypting both the data in a Tag's memory and the data stored in an Application Processor, where by transferring only ciphered data between network endpoints, one can thwart all three security breaches outlined above. This method encrypts the RFID user's PIN and therefore makes the interception and the subsequent illegal use of RFID data at least as difficult as for present day ATM cards. The encryption method can be based upon the US Digital Encryption Standard (DES), either first or third level. The Tag's personal encryption key is only known by the financial database and the RFID Tag. This method can be applied to any type of financial, debt, identification or credit card.